knot-dns-users

knot-dns-users@lists.nic.cz

6 participants
703 discussions

Start a nNew thread

syslog server?

by jh＠netriplex.com

Hello, Is there any plan to add the ability to allow logging to a syslog server vs. a log file? Regards, Jonathan

11 let, 6 měsíců

Log messages leaking to syslog

by Anand Buddhdev

I've configured Knot 1.2.0-rc3 to log to a file with this: log { file "/var/log/knot/knot.log" { any debug, info, notice, warning, error; } } However, some log messages are appearing in /var/log/messages via syslog, for example: Mar 9 11:51:37 ams3 knot[30177]: [error] Incoming AXFR transfer of '0.0.0.0.a.2.ip6.arpa.' with '193.0.0.198@53' key 'ripencc-20110222.': Zone transfer refused by the server. Looks like some parts of Knot are not honouring the file log option. Regards, Anand

11 let, 6 měsíců

Plain text copy of zone files

by Anand Buddhdev

Hello Knot developers, I've added some zones to my Knot configuration like this: zones { example.com { file example.com; xfr-in master; notify-in master; } } After Knot has started up, I see the following files in the storage directory: example.com example.com.db example.com.db.crc example.com.diff.db I see that Knot keeps a copy of the zone in a compiled form. Why does it also dump the plain text zone? This would be okay for a small number of zones, but if I want to load a few thousand zones, then all those plain text copies of the zone files will take up unnecessary space on the disk. I tried to turn off the plain text copy by removing the "file example.com" config line, but then Knot created a file called "example.com..zone" (yes, with two dots) to keep a plain text copy of the zone anyway. Is it possible to turn off this plain text dump of the zone? Regards, Anand

11 let, 6 měsíců

Knot DNS 1.2.0-rc3 release

by Marek Vavruša

Hi everyone, I'm happy to announce that the 3rd and hopefully final release candidate of Knot DNS 1.2.0 is out! This one not only brings a few bugfixes, but also a new feature. The hot topic of the day - Response Rate Limiting, based on the work of Vernon Schryver and Paul Vixie (http://www.redbarn.org/dns/ratelimits). If you're not familiar with the topic, it is a way to combat DNS amplification and reflection attacks. General idea is to identify flows in outgoing responses and block responses exceeding the rate limit. To get at least some degree of service for victims a mechanism called SLIP is used, causing each Nth blocked response to be sent as truncated, thus enabling legitimate requests to reconnect over TCP. You can enable rate limiting by setting option "rate-limit" to a value greater than 0, for example: system { rate-limit 100; } For more about rate limiting knobs, refer to the documentation or a sample configuration. Any feedback is more than welcome before it lands in the final version! As usual, you can find a full list of changes at https://redmine.labs.nic.cz/projects/knot-dns/repository/revisions/v1.2.0-r… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2.0-rc3.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2.0-rc3.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Have a nice weekend, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

11 let, 7 měsíců

Knot DNS v1.2-rc2

by Marek Vavruša

Hi everyone, it's been a while since the first release candidate was released. For the last few days, we've been busy testing, ironing out encountered bugs and polishing. We fixed a few issues related mainly to DDNS parsing code and processing of some non-standard domain names. As for every release candidate, all users of 1.2rc1 are recommended to update. If everything goes smooth, we'll have a final release shortly. Thanks everyone for a feedback related to last release! You can find a full list of changes at https://redmine.labs.nic.cz/projects/knot-dns/repository/revisions/v1.2-rc2… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2-rc2.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2-rc2.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

11 let, 7 měsíců

Single address limitation per interface and remote server

by Matthias-Christian Ott

I just successfully migrated a several zones from NSD to Knot DNS. The migration was straightforward and quick, but I limiting the number of addresses per interface and remote server to one doesn't make sense to me especially with dual stack hosts. This is more intuitive to me in NSD. What is the rationale behind the current syntax? Regards, Matthias-Christian

11 let, 8 měsíců

Knot DNS 1.2-rc1 finally out!

by Marek Vavruša

Hi Everyone, we're proud to announce, that release candidate for the next major release 1.2 is out! Apart from a couple bugfixes, it features full DDNS support (including update forwarding). There are a few limitations related to DNSSEC-signed zones, please refer to user manual for more information. Access control for dynamic updates could be configured in a similar fashion to transfers, using the 'update-in' keyword. Next major thing is an updated remote control tool. Basic commands for start/stop/restart/compile and checks are the same as they were, but the command for refresh/flush/status could be executed remotely given the right configuration. You can enable remote control interface with a new config section 'control', f.e.: control { listen-on { address 127.0.0.1@5553; } allow remote0; } You can also specify a remote with associated TSIG key for security reasons. Knot control tool then accepts host, port and TSIG key as a parameter, f.e.: $ knotc -s 127.0.0.1 -p 5553 status Key could be also specified in a file instead of a command line parameter. But that is just a tip of the iceberg. For more smaller features, like configurable TCP timeouts or LOC support, refer to RELNOTES and a user documentation. RELNOTES: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.2-rc1/… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2-rc1.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2-rc1.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

11 let, 8 měsíců

knot performace?

by AndyChen

Hi, does the knot have performance test, if have, wuold you give the report? Best wishes!

11 let, 8 měsíců

Knot DNS 1.1.3 just released!

by Marek Vavruša

Hi everyone, it's been two weeks since the rc1 was released, and I'm happy to announce, that the Knot DNS 1.1.3 is finally out! The release candidate fixed a couple issues related to answering DS queries, parsing of improper zone files and a wrong ARCOUNT in some error responses when EDNS0 was enabled. As for every bugfix release, we recommend all 1.1.2 users to update, even if no new features were added. Enjoy and have a merry Christmas. Full list of changes is at https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.3/en… Sources: https://secure.nic.cz/files/knot-dns/knot-1.1.3.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.1.3.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

11 let, 9 měsíců

Knot DNS 1.1.3-rc1 released

by Lubos Slovak

Hi, we've recently fixed some issues in Knot DNS, mainly answering to DS queries (thanks to reports by Phil Regnauld, Casey Deccio and Erwin Lansing!). Other fixes are listed here: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.3-rc… After the usual one week, the final 1.1.3 will be released. Sources: https://secure.nic.cz/files/knot-dns/knot-1.1.3-rc1.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.1.3-rc1.tar.gz.asc Packages at www.knot-dns.cz will be updated ASAP. Meanwhile, we're still working on 1.2 which is a bit delayed - dynamic updates are giving us a hard time. But we're doing our best to release it before Christmas. Regards, Lubos

11 let, 9 měsíců

← Newer
1
...
63
64
65
66
67
68
69
70
71
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users